131102 matches found
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-22679)
Microsoft Internet Explorer is a popular WEB browser. A memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to exploit the vulnerability by presenting a specially crafted web page and tricking the user into parsing it, which could cause the applicati...
Joomla! cross-site scripting vulnerability (CNVD-2017-22326)
Joomla! CMS is a U.S. Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A cross-site scripting vulnerability exists in Joomla! CMS versions 1.7.3 to 3.7.2, which stems from a lack of cross-site...
Alpine Linux's package manager buffer error vulnerability
Alpine Linux's package manager apk is a package management tool for Linux. The tool is used to install, upgrade or remove software on a running system. A heap buffer overflow vulnerability exists in Alpine Linux's package manager. A remote attacker can exploit this vulnerability by creating a...
Libffi Arbitrary Code Execution Vulnerability
libffi is an external function interface library. An arbitrary code execution vulnerability exists in libffi. An attacker can exploit the vulnerability by overwriting the stack and triggering arbitrary code execution...
libplist 'parse_string_node()' local heap buffer overflow vulnerability
libimobiledevice is a software protocol library and tool that allows Linux to support connectivity to iOS devices such as the iPhone, iPodTouch, etc. libplist is one of the libraries that handles the Apple Property List format in binary or XML format. A local heap buffer overflow vulnerability...
Cairo denial of service vulnerability
Cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports doing 2D drawings in multiple contexts and provides high-quality display and printouts. A denial of service vulnerability exists in Cairo version 1.15.4. A...
PHP Denial of Service Vulnerability (CNVD-2017-06940)
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
LightDM Directory Traversal Vulnerability
LightDM is a set of desktop display managers for Linux desktops. A directory traversal vulnerability exists in the debian/guest-account.sh file in LightDM 1.22.0 and earlier versions. A local attacker can use this vulnerability to obtain the location of an arbitrary directory path and elevate...
ZyXEL EMG2926 Router Remote Command Execution Vulnerability
The ZyXEL EMG2926 is a router manufactured by Hutchinson Technology. The ZyXEL EMG2926 router suffers from an unauthenticated remote command execution vulnerability. The nslookup function is not sufficiently filtered, allowing an unauthenticated attacker to remotely execute arbitrary code...
Microsoft Office Memory Corruption Vulnerability (CNVD-2017-03523)
Microsoft Word is a word processing software in the Office suite of the American Microsoft Microsoft company. A memory corruption vulnerability exists in Microsoft Word version 2016. A remote attacker can exploit this vulnerability by tricking a user into opening a specially crafted file to execu...
Libming Heap Buffer Overflow Vulnerability
libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A heap buffer overflow vulnerability exists in libming version 0.4.7, which originates when the program fails to adequately perform bounds...
Microsoft SQL Server RDBMS Engine Privilege Escalation Vulnerability
Microsoft SQL Server is the United States Microsoft Microsoft company develops and maintains a set of applications in the Microsoft Windows system under the large commercial database system. A privilege escalation vulnerability exists in the Microsoft SQL Server RDBMS engine. An attacker can...
TLS SHA-1 Spoofing Attack Vulnerability
TLS full name Transport Layer Security is a set of protocols used to provide confidentiality and data integrity between two communicating applications. A security vulnerability exists in SHA-1 in TLS version 1.2. This vulnerability can be exploited by an attacker to perform spoofing attacks...
Microsoft Windows GDI Component Information Disclosure Vulnerability
Microsoft Windows is a popular operating system. An information disclosure vulnerability exists in the Microsoft Windows GDI component that fails to properly handle objects in memory, which could be exploited by remote attackers to obtain sensitive system information...
Redis Out-of-Bounds Remote Code Execution Vulnerability
Redis is a set of open source written in ANSI C , network support , memory-based can also be persistent log-type , key-value store database , and provides a variety of languages API. A remote code execution vulnerability exists in Redis that can be exploited by an attacker to execute arbitrary co...
X.Org libXi Denial of Service Vulnerability (CNVD-2016-08890)
X.Org libXi is an X input extension library operated by the X.Org Foundation. A security vulnerability exists in X.Org libXi, which can be exploited by attackers to cause a denial of service out-of-bounds memory access or infinite loop...
X.Org libXfixes Integer Overflow Vulnerability
X.Org libXfixes is a library of X11-based fixes extensions operated by the X.Org Foundation. An integer overflow vulnerability exists in X.Org libXfixes version 5.0.2 and earlier, which can be exploited to execute arbitrary code and potentially cause a denial of service...
Red Hat oVirt Engine Information Disclosure Vulnerability (CNVD-2016-07080)
Red Hat oVirt Engine is an open source virtualization management platform from Red Hat Red Hat, an open source version of RHEV Platform for Enterprise Virtualization, consisting of the oVirt-node client and the overt-engine management side . An information disclosure vulnerability exists in Red H...
Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-06256)
Internet Explorer is a web browser from Microsoft. Microsoft Internet Explorer 11 does not properly handle memory objects and suffers from a memory corruption vulnerability, which could allow a remote attacker to execute arbitrary code or cause a denial of service via a constructed Web site...
Adobe Flex Buffer Overflow Vulnerability
Adobe Flex is the United States of America Odobie Adobe company's set of free, open source framework for building and maintaining Web applications. A buffer overflow vulnerability exists in the yygetnextbuffer function in Adobe Flex. A remote attacker could exploit this vulnerability to cause a...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2016-04951)
Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office, which originates from the program failin...
Microsoft Windows Graphics Component Information Disclosure Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. An information disclosure vulnerability exists in the Graphics Component for Microsoft Windows GDI32.dll that originates from a program's failure to properly handle objects in memory. A remote attacker ...
OpenJPEG 'opj_j2k_write_mco' function memory misreference vulnerability
OpenJPEG is a C-based open source JPEG 2000 codec . A memory misreference vulnerability in the 'opjj2kwritemco' function in OpenJPEG's j2k.c file allows remote attackers to exploit the vulnerability to construct a malicious image that could be tricked into being parsed by the user, crashing the...
Red Hat PolicyKit pkexec Command Execution Vulnerability
Red Hat PolicyKit is a tool from Red Hat for privilege control of applications on Unix-compatible systems. A security vulnerability exists in the pkexec command in Red Hat PolicyKit 0.113 and earlier versions. An attacker could exploit the vulnerability to execute arbitrary commands with user...
Ubuntu Vivid Local Privilege Vulnerability
Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation.Vivid is a development code name for Ubuntu. A local exploit exists in Ubuntu Vivid. A local attacker could exploit this vulnerability to gain elevated privileges...
Ultimate Member WordPress Plugin Reflective Cross-Site Scripting Vulnerability
Ultimate Member is a plugin for creating online communities and user templates for WordPress. Ultimate Member 1.3.28 and earlier versions do not effectively filter the value of the "refer" HTTP GET parameter of "wp-admin/users.php" when "update" is set to "confirmdelete", which allows an...
Symantec Endpoint Protection Manager-RU6-MP3 Arbitrary Java Code Execution Vulnerability
Symantec Endpoint Protection Manager is a centralized manager for Symantec's enterprise-class antivirus software. An arbitrary Java code execution vulnerability exists in Symantec Endpoint Protection Manager version 12.1 prior to 12.1-RU6-MP3, which allows remote attackers to execute arbitrary Ja...
Apple OS X Script Editor Restriction Bypass Vulnerability
OS X formerly Mac OS X is the latest version of Apple's proprietary operating system for the Macintosh computer. iOS is an operating system developed by Apple for mobile devices. A security vulnerability exists in Script Editor in Apple OS X versions prior to 10.11.1. A remote attacker could...
Django Remote Denial of Service Vulnerability
Django is a set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django has an unspecified security vulnerability vulnerability that allows a remote attacker can exploit the vulnerabili...
Joomla! Helpdesk Pro Plugin Information Disclosure Vulnerability
Joomla! is a well-known content management system in foreign countries. Joomla! is a software system developed using the PHP language coupled with a MySQL database, which can be implemented on a variety of different platforms such as Linux, Windows, MacOSX and so on. An information disclosure...
u5CMS Cross-Site Scripting Vulnerability
u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A cross-site scripting vulnerability exists in u5CMS. Th...
Blue Coat ProxyClient / Unified Agent Certificate Validation Spoofing Vulnerability
ProxyClient is Blue Coat's recently released WAN optimization software client with integrated security and control features. Blue Coat ProxyClient 3.3.3.3 and versions 3.4.4.10 prior to 3.4.x and Unified Agent prior to 4.1.3.151952 do not properly validate certain certificates, allowing a...
Multiple buffer overflow vulnerabilities in libsndfile 'src/sd2.c'
libsndfile is a C library for reading and writing sound files such as AIFF, AU and WAV through a standard interface. Multiple buffer overflow vulnerabilities exist in libsndfile 'src/sd2.c' because it fails to properly bounds check user-supplied input. This allows an attacker to execute arbitrary...
IrfanView Out-of-Bounds Read Vulnerability
IrfanView is an image viewer by the individual developer Irfan Skiljan. It supports image browsing, image editing, image format conversion and more. IrfanView suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current proces...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...
Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19018)
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker exploited the vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...
Mozilla Firefox Code Execution Vulnerability (CNVD-2024-12550)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A code execution vulnerability exists in Mozilla Firefox, which can be exploited by attackers to execute arbitrary code or cause a denial of service on a vulnerable system using unknown attack vectors...
Mozilla Firefox HTTP Header Injection Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an HTTP header injection vulnerability that stems from a Set-Cookie response header being incorrectly executed in a multipart HTTP response, which can be exploited by an...
IBM Operational Decision Manager Code Issue Vulnerability
IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a code issue vulnerability that originates from the ability ...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10440)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by a stack buffer overflow in the WebAudio OscillationNode object. An attacker can exploit this vulnerability to cause the browser ...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10439)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10432)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by an unchecked return value in the TLS handshake code. An attacker can exploit the vulnerability to cause the NSS TLS method to...
Denial of Service Vulnerability in Multiple Mozilla Products (CNVD-2024-10444)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A denia...
SQL Injection Vulnerability in Ruiyou Tianyi Application Virtualization System
Xi'an Ruiyou Information Technology Co., Ltd. is a professional virtualization and cloud computing solution provider. A SQL injection vulnerability exists in Ruiyou Tianyi Application Virtualization System, which can be exploited by attackers to obtain database information and execute commands...
Microsoft Edge (Chromium-based) Security Bypass Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security bypass vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by attackers to bypass security restrictions...
GetSimple CMS Cross-Site Scripting Vulnerability
GetSimple CMS is a content management system CMS written in PHP. A cross-site scripting vulnerability exists in GetSimple CMS version 3.3.16, which stems from the lack of effective filtering and escaping of user-supplied data when adding articles to the /admin/edit.php page, and can be exploited ...
TOTOLINK N350RT password parameter buffer overflow vulnerability
The TOTOLINK N350RT is a small home router from China's Gion Electronics TOTOLINK. The TOTOLINK N350RT suffers from a buffer overflow vulnerability that originates from the failure of the password parameter of the loginAuth function on the /cgi-bin/cstecgi.cgi page to correctly validate the lengt...
Adobe ColdFusion Code Execution Vulnerability (CNVD-2023-100310)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion code execution vulnerability can be exploited by an attacker to execute arbitrary code...
Google Android elevation of privilege vulnerability (CNVD-2024-10418)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-76938)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that stems...